12 matches found
EUVD-2010-5053
Malware in sbrugna...
CVE-2010-5089
SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information...
SUSE CVE-2013-5645
Multiple cross-site scripting XSS vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in 1 new or 2 draft mode, related to compose.inc; and 3 might allow remote authenticated users to injec...
Publify Access Control Error Vulnerability
Publify is a simple but full-featured web publishing software.An access control error vulnerability exists in versions of Publify prior to 9.2.8. The vulnerability stems from an access control error in draft mode, which could be exploited by an attacker to comment on articles in draft mode...
Publify Incorrect Authorization
Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Anonymous users can't view but can leave comments on an article in draft mode...
GHSA-79M3-Q3WH-C3QM Publify Incorrect Authorization
Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Anonymous users can't view but can leave comments on an article in draft mode...
Publify 安全漏洞
Publify is a simple but full-featured web publishing software.An access control error vulnerability exists in versions of Publify prior to 9.2.8. The vulnerability stems from an access control error in draft mode, which could be exploited by an attacker to comment on articles in draft mode...
CVE-2013-5645
Multiple cross-site scripting XSS vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in 1 new or 2 draft mode, related to compose.inc; and 3 might allow remote authenticated users to injec...
CVE-2013-5645
Multiple cross-site scripting XSS vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in 1 new or 2 draft mode, related to compose.inc; and 3 might allow remote authenticated users to injec...
CVE-2013-5645
Multiple cross-site scripting XSS vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in 1 new or 2 draft mode, related to compose.inc; and 3 might allow remote authenticated users to injec...
CVE-2010-5089
SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information...
Information disclosure
SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information...